What you need to know
- Brazilian thieves caught stealing iPhones in order to access bank accounts have revealed how they accessed user data.
- Turns out they just swapped the SIM card to a different device and then searched for a user's Apple ID email address on social media to reset the password.
- The gang boasted they could unlock any iPhone from the 5 to the 11.
A gang of thieves caught stealing iPhones in Brazil was able to access user accounts and iCloud Keychain data simply by swapping the SIM card from a stolen, unlocked device to another phone and looking up the user's email address online, a new report has revealed.
Folha de S.Paulo reports on a recently caught gang who specialized in "hacking bank accounts after the theft of mobile phones" in late 2020. The report says that one of the criminals boasted to police they could unlock "all models of iPhone" from the iPhone 5 right up to the iPhone 11. (The iPhone 12 hadn't been released in Brazil at the time.)
Whilst it had been postulated the gang was using some crazy hacking tool or system to access devices, it had actually found a very simple way to bypass iCloud security with worrying ease:
According to Barber, to get the devices unlocked, he removed the chip from the stolen device and inserted it into another unlocked device. Then, he started doing searches on social networks (especially Facebook and Instagram) to find out which account was linked to that line number. Then, he went to search for the email address that the victim used to back up the contents of the device, especially in the clouds iCloud and Google Drive, first searching for @gmail.com extensions.
The report says the criminals were seemingly able to restore new phones from an iCloud backup, using the phone number attached to the SIM card to reset the Apple ID, and would then scour the device for password information stored in an app like Notes, or within iCloud Keychain for something like credentials for a banking app.
The report says 12 people were arrested last year as part of the scheme, with another 28 identified as members. It describes how "young men on bicycles" would steal phones from pedestrians, switching the phone to camera mode to stop the iPhone from locking and turning on airplane mode to stop the device being tracked.
This explains how the criminals were able to also bypass basic iOS security measures like Touch ID and Face ID, as well as the alphanumeric password protection usually required to unlock a device for use, and is a key reminder as to how important it is to use the password protection built into iOS to secure your device physically.
Whilst the exploit requires physical access to an unlocked iPhone, snatching the phones from the hands of unsuspecting pedestrians using them at the time meant this was fairly easy to achieve for the gang. It is also a reminder as to why many recommend using some of the best password manager apps to further secure information held on devices like the iPhone.